<?php
 

define('IN_SCRIPT',1);

/* Get all the required files and functions */
require_once('hd_settings.inc.php');
require_once('language/'.$hd_settings['language'].'.inc.php');
require_once('inc/common.inc.php');

/* Print header */
require_once('inc/header.inc.php');

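/*
 * Collect the submitted reply fields from the POST body.
 * hd_input(), hd_makeURL() and hd_isNumber() are defined outside this file.
 * NOTE(review): every value below is later placed into SQL string literals;
 * confirm that hd_input() escapes for SQL, or escape at the query sites.
 * NOTE(review): $message has markup added by hd_makeURL() and nl2br() before
 * it is stored; confirm that hd_input() HTML-escapes the raw text first.
 */
$message=hd_input($_POST['message'],$hdlang['enter_message']);
$message=hd_makeURL($message);
$message=nl2br($message);
/* NOTE(review): the display name is taken from the request as-is; it is
   stored with the reply and used in the staff notification further down. */
$orig_name=hd_input($_POST['orig_name'],"$hdlang[int_error]: No orig_name");
/* Cast to int as defence in depth: $replyto is interpolated unquoted into
   the WHERE `id`=... clauses of the UPDATE and SELECT below. */
$replyto=(int) hd_isNumber($_POST['orig_id'],"$hdlang[int_error]: No or invalid orig_id");
$trackingID=hd_input($_POST['orig_track'],"$hdlang[int_error]: No orig_track");
/* URL-encode the tracking ID so a crafted value cannot add query parameters
   or break out of the href attribute this URL is echoed into. The random
   Refresh value is only a cache-buster, not a secret. */
$trackingURL=$hd_settings['hd_url'].'/request.php?track='.rawurlencode($trackingID).'&Refresh='.rand(10000,99999);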

/*
 * Attachments: when enabled in the settings, try every upload slot from 1 to
 * max_number and keep the non-empty results, keyed by slot number.
 * $attachments stays undefined when attachments are disabled.
 * NOTE(review): hd_uploadFile() comes from inc/attachments.inc.php, which is
 * not shown here; confirm it validates type, size and the stored file name.
 */
if ($hd_settings['attachments']['use']) {
    require_once('inc/attachments.inc.php');
    $attachments = array();
    $i = 1;
    while ($i <= $hd_settings['attachments']['max_number']) {
        $att = hd_uploadFile($i);
        if (!empty($att)) {
            $attachments[$i] = $att;
        }
        $i++;
    }
}
/* Filled with "id#name," entries once the attachment rows are inserted */
$myattachments = '';

/* Connect to database; a failed connection is reported through hd_error() */
require_once('inc/database.inc.php');
if (!hd_dbConnect()) {
    hd_error("$hdlang[cant_connect_db] $hdlang[contact_webmsater] $hd_settings[webmaster_mail]!");
}

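/*
 * Record one hd_attachments row per uploaded file and append "id#name," for
 * each of them to $myattachments, which is stored with the reply.
 * NOTE(review): saved_name, real_name and size come from hd_uploadFile() and
 * are interpolated into the statement; confirm they are escaped for SQL
 * there. real_name also goes into the '#' / ',' delimited list unchanged.
 */
if ($hd_settings['attachments']['use'] && !empty($attachments)) {
    foreach ($attachments as $myatt) {
        $sql = "INSERT INTO `hd_attachments` (`request_id`,`saved_name`,`real_name`,`size`) VALUES ('$trackingID', '$myatt[saved_name]', '$myatt[real_name]', '$myatt[size]')";
        $result = hd_dbQuery($sql);
        if (!$result) {
            /* The statement text and driver error stay in the server log:
               the hd_error() message is HTML-formatted (presumably shown to
               the visitor) and the statement holds request-supplied values. */
            error_log('hd_attachments insert failed: '.mysql_error());
            hd_error("$hdlang[cant_sql]</p><p>$hdlang[contact_webmsater] $hd_settings[webmaster_mail]");
        }
        $myattachments .= hd_dbInsertID() . '#' . $myatt['real_name'] .',';
    }
}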

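/* Make sure the request is open */
/* NOTE(review): the request is selected by `id` alone. orig_id and orig_track
   arrive as separate POST fields and nothing in this file checks that they
   belong to the same request; confirm an earlier layer does, otherwise add
   the tracking-ID column to this WHERE clause.
   A query that matches no row is not treated as a failure here. */
$sql = "UPDATE `hd_requests` SET `status`='1',`lastreplier`='0',`lastchange`=NOW() WHERE `id`=$replyto LIMIT 1";
$result = hd_dbQuery($sql);
if (!$result) {
    /* Log the driver error server-side instead of placing the statement and
       mysql_error() into the HTML-formatted hd_error() message. */
    error_log('hd_requests status update failed: '.mysql_error());
    hd_error("$hdlang[cant_sql]</p><p>$hdlang[contact_webmsater] $hd_settings[webmaster_mail]");
}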

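/* Add reply */
/* NOTE(review): $orig_name, $message and $myattachments are interpolated into
   quoted SQL literals; this is only safe if they were escaped for SQL before
   reaching this point (see hd_input() / hd_uploadFile(), not shown here). */
$sql = "
INSERT INTO `hd_replies` (
`replyto`,`name`,`message`,`dt`,`attachments`
)
VALUES (
'$replyto','$orig_name','$message',NOW(),'$myattachments'
)
";
$result = hd_dbQuery($sql);
if (!$result) {
    /* The statement contains the visitor's message and name, so it is not
       put into the HTML-formatted hd_error() text; the driver error goes to
       the server log instead. */
    error_log('hd_replies insert failed: '.mysql_error());
    hd_error("$hdlang[cant_sql]</p><p>$hdlang[contact_webmsater] $hd_settings[webmaster_mail]");
}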

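/* Load the subject and residence of the request that was replied to; both
   are used for the staff notification below. */
$sql = "SELECT `subject`,`residence` FROM `hd_requests` WHERE `id`=$replyto LIMIT 1";
$result = hd_dbQuery($sql);
if (!$result) {
    /* Driver error goes to the server log, not into the HTML-formatted
       hd_error() message. */
    error_log('hd_requests lookup failed: '.mysql_error());
    hd_error("$hdlang[cant_sql]</p><p>$hdlang[contact_webmsater] $hd_settings[webmaster_mail]");
}
/* NOTE(review): no check that a row was returned; when the id matches no
   request, $request is presumably not an array and $residence stays empty. */
$request = hd_dbFetchAssoc($result);
$residence=$request['residence'];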

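/* Need to notify any admins? */
/* Builds $admins: the e-mail addresses of all users with notify='1' who are
   either administrators or have this request's residence in their list. */
$admins=array();
$sql = "SELECT `email`,`isadmin`,`residences` FROM `hd_users` WHERE `notify`='1'";
$result = hd_dbQuery($sql);
if (!$result)
{
    /* Driver error goes to the server log, not into the HTML-formatted
       hd_error() message. */
    error_log('hd_users notification lookup failed: '.mysql_error());
    hd_error("$hdlang[cant_sql]</p><p>$hdlang[contact_webmsater] $hd_settings[webmaster_mail]");
}
while ($myuser=hd_dbFetchAssoc($result))
{
    if (!$myuser['isadmin'])
    {
        /* Not admin, is he allowed this residence?
           The last character is dropped before splitting; presumably the
           list is stored with a trailing comma (verify against the writer). */
        $res=substr($myuser['residences'], 0, -1);
        $myuser['residences']=explode(",",$res);
        /* NOTE(review): in_array() compares loosely here, so numeric-looking
           residence values such as "1" and "01" are treated as equal. */
        if (!in_array($residence,$myuser['residences']))
        {
            continue;
        }
    }
    $admins[]=$myuser['email'];
}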
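/* Notify the selected staff members by e-mail, if there are any */
if (count($admins)>0)
{
    /* Staff link to the request. The tracking ID comes from the POST body,
       so it is URL-encoded to keep it from altering the query string. */
    $trackingURL_admin=$hd_settings['hd_url'].'/admin_request.php?track='.rawurlencode($trackingID);

    /* Get e-mail message for Student */
    $template_file='emails/new_reply_by_Student.txt';
    $message=is_readable($template_file) ? file_get_contents($template_file) : false;

    if ($message===false)
    {
        /* Without the template there is nothing sensible to send; the reply
           itself is already stored, so only the notification is skipped. */
        error_log('Reply notification not sent: cannot read '.$template_file);
    }
    else
    {
        /* strtr() substitutes all placeholders in a single pass, so a
           placeholder typed into the visitor-supplied name or the subject
           is not expanded by a later replacement. */
        $message=strtr($message,array(
            '%%NAME%%'=>$orig_name,
            '%%SUBJECT%%'=>$request['subject'],
            '%%TRACK_ID%%'=>$trackingID,
            '%%TRACK_URL%%'=>$trackingURL_admin,
            '%%SITE_TITLE%%'=>$hd_settings['site_title'],
            '%%SITE_URL%%'=>$hd_settings['site_url'],
        ));

        /* Send e-mail to staff; headers are built from settings only */
        $email=implode(',',$admins);
        $headers="From: $hd_settings[noreply_mail]\n";
        $headers.="Reply-to: $hd_settings[noreply_mail]\n";
        /* Sending stays best-effort (warnings suppressed), but a failure is
           recorded in the server log instead of being dropped silently. */
        if (!@mail($email,$hdlang['new_reply_request'],$message,$headers))
        {
            error_log('Reply notification could not be handed to mail()');
        }
    }
} // End if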

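/*
 * Confirmation page: breadcrumb, success message and a link back to the
 * request, followed by the shared footer.
 * $trackingURL contains the tracking ID taken from the POST body, so it is
 * HTML-escaped where it is written into the href attribute. The other echoed
 * values come from $hd_settings and $hdlang and are printed unchanged.
 */
?>
<p class="smaller"><a href="<?php echo $hd_settings['site_url']; ?>"
class="smaller"><?php echo $hd_settings['site_title']; ?></a> &gt;
<a href="index.php?a=start" class="smaller"><?php echo $hd_settings['hd_title']; ?></a>
&gt; <?php echo $hdlang['reply_submitted']; ?><br>&nbsp;</p>
</td>
</tr>
<tr>
<td>

<p>&nbsp;</p>

<h3 align="center"><?php echo $hdlang['reply_submitted']; ?></h3>

<p>&nbsp;</p>

<p align="center"><?php echo $hdlang['reply_submitted_success']; ?>!</p>
<p align="center"><a href="<?php echo htmlspecialchars($trackingURL, ENT_QUOTES); ?>"><?php echo $hdlang['view_your_request']; ?></a></p>

<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>

<?php
require_once('inc/footer.inc.php');
?>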
